
[OCLUG-Tech] how to best (securely?) install S/W on 1000s of remote sites?

  • Subject: [OCLUG-Tech] how to best (securely?) install S/W on 1000s of remote sites?
  • From: "Robert P. J. Day" <rpjday [ at ] crashcourse [ dot ] ca>
  • Date: Tue, 6 Sep 2016 14:40:37 -0400 (EDT)

(if there is an obvious solution to this, then i'm just missing it.)

  i'm pondering how best to install a new linux distro on remote
hosts, under the assumption that there will be someone *at* the remote
site and able to invoke the program to kick the whole thing off --
that part is a given.

  i've already written/stolen an installer which will download various
binary images, and will (as root) partition the target disk, and
create filesystems, and so on and so on ... again, that's not the
issue. that the installer will have to run as root is kind of obvious,
given its need to do low-level disk manipulation and so on, so no
issue there.

  the issue is how to securely download the binary images (u-boot
binary, root filesystem tarball, additional proprietary apps), etc,
etc, where all those images are at a central and well-known IP
address. so here's my thinking thus far.

  the consensus is that we should use "scp" to grab the images, which
is fine with me, but how does one set this up to run "securely" in the
first place? i can already see that the downloading does not require
root privilege -- one can create a username like "installer", which
has limited privileges and exists only for downloading.

  so do we use a password when invoking the remote account for "scp"?
that would kind of defeat the purpose if passwords can be hacked (even
if they're transmitted in ciphertext).

  each installer program could, upon being invoked at the remote site,
create a private/public key pair for the "installer" account, but you
can't use "ssh-copy-id" to add it to the central/server host without a
password, so you're right back where you started.

  one idea i had is that downloading the base linux distro doesn't
need to be that secure as it's just linux, but once that remote
install comes up for the first time, it can (somehow securely)
download the proprietary app.

  am i overthinking this? is there a simple solution i'm overlooking?

rday

-- 

========================================================================
Robert P. J. Day                                 Ottawa, Ontario, CANADA
                        http://crashcourse.ca

Twitter:                                       http://twitter.com/rpjday
LinkedIn:                               http://ca.linkedin.com/in/rpjday
========================================================================